Krebs on Security
AUGUST 14, 2020
R1 RCM Inc. [ NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc. , Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019. The company has more than 19,000 employees and contracts with at least 750 healthcare organizations nationwide.
Schneier on Security
AUGUST 14, 2020
The NSA and FBI have jointly disclosed Drovorub, a Russian malware suite that targets Linux. Detailed advisory. Fact sheet. News articles. Reddit thread.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
AUGUST 14, 2020
It's an extra early one this week and on review, I do look a bit. dishevelled! I run through a whole bunch of things from this week's Twitter timeline and there's some great audience questions this week too so thanks very much everyone for the engagement. Next we'll do it at the other end of the day again and I'm sure there'll be a heap of new stuff to cover before then.
Adam Levin
AUGUST 12, 2020
Cybercriminals are increasingly registering email addresses with legitimate services and using them in the commission of business email compromise (BEC) attacks. A recent study of hacking methods published by Barracuda found that more than 6,000 email accounts using legitimate services had been linked to more than 100,000 BEC attacks on roughly 6,600 organizations this year. .
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Krebs on Security
AUGUST 11, 2020
Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up! At least 17 of the bugs squashed in August’s patch batch address vulnerabilities Microsoft rates as “critical,” meaning they can be exploited by miscreants or malware to gain complete,
Schneier on Security
AUGUST 10, 2020
Yet another Internet-connected door lock is insecure : Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec's $139.99 UltraLoq is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code." Users can share temporary codes and 'Ekeys' to friends and guests for scheduled access, but according to Tripwire researcher Craig Young, a hacker able to sniff out the device's MAC address can help themselves to an access key, to
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Levin
AUGUST 13, 2020
The SANS Institute, a company that provides cybersecurity training and certification, announced that a data breach compromised the personally identifiable data of roughly 28,000 records. The breach has been traced back to a phishing attack that targeted an employee of the company. Describing itself as “the most trusted and by far the largest source for information security training in the world,” SANS stated in their announcement of the breach on August 6 that they “identified a suspicious forwa
Krebs on Security
AUGUST 12, 2020
Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags. As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including ev
Schneier on Security
AUGUST 13, 2020
Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the "simulation of scandal" deliberate attempts to direct moral judgement against their target.
Tech Republic Security
AUGUST 12, 2020
Moving on from passwords to strong authentication and adaptive access policies is key to improving security without hurting productivity, especially given the increase in remote working.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
AUGUST 14, 2020
The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution from the community.
WIRED Threat Level
AUGUST 12, 2020
Social media platforms repeatedly use so-called dark patterns to nudge you toward giving away more of your data.
Schneier on Security
AUGUST 14, 2020
This is a current list of where and when I am scheduled to speak: I'm giving a keynote address at the Cybersecurity and Data Privacy Law virtual conference on September 9, 2020. The list is maintained on this page.
Tech Republic Security
AUGUST 12, 2020
The breach compromised 28,000 records, exposing such data as names, phone numbers, physical addresses, and email addresses.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
AUGUST 14, 2020
Maze ransomware operators have leaked online the unencrypted files allegedly stolen from Canon during a recent ransomware attack. According to an internal memo obtained by ZDNet last week, the recent outage suffered by Canon was caused by a ransomware attack, at the same time Maze ransomware operators were taking the credit for the incident. The memo also reveals that the company has hired an external security firm to investigate the incident.
WIRED Threat Level
AUGUST 9, 2020
Researchers found troubling bugs in open-source libraries used by financial institutions.
Schneier on Security
AUGUST 12, 2020
Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here.
Tech Republic Security
AUGUST 11, 2020
As researchers race to develop a COVID-19 vaccine, phishing campaigns have landed on a topic ripe for exploitation, says Check Point Research.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
AUGUST 13, 2020
Israel ‘s defence ministry announced to have foiled an attempted cyber attack by a foreign threat actors group targeting the country’s defence manufacturers. The Israeli defence ministry announced on Wednesday that it had foiled a cyber attack carried out by a foreign threat actor targeting the country’s defence manufacturers. According to the officials, the attack was launched by “an international cyber group called ‘ Lazarus.’ The Lazarus APT is linked to No
WIRED Threat Level
AUGUST 9, 2020
A government-funded system known as Most Serious Violence was built to predict first offenses but turned out to be wildly inaccurate.
Schneier on Security
AUGUST 11, 2020
The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that's used by "more than 500 mobile applications." Through that SDK, the company collects location data from users, which it then sells. Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients.
Tech Republic Security
AUGUST 11, 2020
Most IT leaders say their priorities have shifted since the coronavirus pandemic surfaced around the start of the year, says Hitachi ID.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
AUGUST 12, 2020
The SANS Institute suffered a data breach, 28,000 user records containing personally identifiable information (PII) were exposed. On August 6, during a review of email configuration and rules, the staff at the SANS Institute discovered a security breach. 28,000 records of personally identifiable information (PII) have been forwarded to an unknown email address.
WIRED Threat Level
AUGUST 10, 2020
Qualcomm has released a fix for the flaws in its Snapdragon chip, which attackers might exploit to monitor location or render the phone unresponsive.
Dark Reading
AUGUST 10, 2020
Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.
Tech Republic Security
AUGUST 10, 2020
Such attacks have tried to capitalize on the loans provided by the SBA in the wake of the coronavirus pandemic.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
AUGUST 11, 2020
A researcher found multiple flaws in Samsung’s Find My Mobile that could have been chained to perform various malicious activities on Samsung Galaxy Phones. The security researcher Pedro Umbelino from Portugal-based cybersecurity services provider Char49 discovered multiple vulnerabilities in Samsung’s Find My Mobile that could have been chained to perform various malicious activities on Samsung Galaxy Phones. “There are several vulnerabilities in the Find My Mobile package that can ultima
WIRED Threat Level
AUGUST 8, 2020
Plus: A Canon ransomware hack, a nasty Twitter bug, and more of the week's top security news.
Threatpost
AUGUST 10, 2020
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
Tech Republic Security
AUGUST 13, 2020
Organizations must quickly adopt the zero trust mindset of "never trust, always verify" to mitigate the spread of breaches, limit access, and prevent lateral movement, according to an Illumio report.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
363 
Let's personalize your content